USN-966-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-966-1

linux, linux-{source-2.6.15,ec2,mvl-dove,ti-omap} vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 10.04 LTS

Ubuntu 9.10

Ubuntu 9.04

Ubuntu 8.04 LTS

Ubuntu 6.06 LTS

Summary

Multiple security flaws.

Software description

linux
- Linux kernel

linux-ec2
- Linux kernel for EC2

linux-mvl-dove
- Linux kernel for MVL Dove

linux-source-2.6.15
- Linux kernel

linux-ti-omap
- Linux kernel for TI Omap

Details

Junjiro R. Okajima discovered that knfsd did not correctly handlestrict overcommit. A local attacker could exploit this to crash knfsd,leading to a denial of service. (Only Ubuntu 6.06 LTS and 8.04 LTS wereaffected.) (CVE-2008-7256, CVE-2010-1643)

Chris Guo, Jukka Taimisto, and Olli Jarva discovered that SCTP didnot correctly handle invalid parameters. A remote attacker could sendspecially crafted traffic that could crash the system, leading to adenial of service. (CVE-2010-1173)

Mario Mikocevic discovered that GFS2 did not correctly handle certainquota structures. A local attacker could exploit this to crash thesystem, leading to a denial of service. (Ubuntu 6.06 LTS was notaffected.) (CVE-2010-1436)

Toshiyuki Okajima discovered that the kernel keyring did not correctlyhandle dead keyrings. A local attacker could exploit this to crash thesystem, leading to a denial of service. (CVE-2010-1437)

Brad Spengler discovered that Sparc did not correctly implementnon-executable stacks. This made userspace applications vulnerable toexploits that would have been otherwise blocked due to non-executablememory protections. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1451)

Dan Rosenberg discovered that the btrfs clone function did not correctlyvalidate permissions. A local attacker could exploit this to readsensitive information, leading to a loss of privacy. (Only Ubuntu 9.10was affected.) (CVE-2010-1636)

Dan Rosenberg discovered that GFS2 set_flags function did not correctlyvalidate permissions. A local attacker could exploit this to gainaccess to files, leading to a loss of privacy and potential privilegeescalation. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1641)

Shi Weihua discovered that btrfs xattr_set_acl function did notcorrectly validate permissions. A local attacker could exploitthis to gain access to files, leading to a loss of privacy andpotential privilege escalation. (Only Ubuntu 9.10 and 10.04 LTS wereaffected.) (CVE-2010-2071)

Andre Osterhues discovered that eCryptfs did not correctly calculatehash values. A local attacker with certain uids could exploit this tocrash the system or potentially gain root privileges. (Ubuntu 6.06 LTSwas not affected.) (CVE-2010-2492)

Update instructions

The problem can be corrected by updating your system to the following
package version: